Security Flaw Found in Apple's Siri Personal Assistant

The app will allow anyone to control an iPhone 4S even if it's locked with a passcode.

Posted October 19, 2011

Share

The iPhone 4S' new voice-activated Siri personal assistant will allow a complete stranger to control your phone even if it's locked with a passcode.

"I borrowed a passcode-locked iPhone 4S from a colleague here at Sophos and, with his permission, was able to write an email, and send a text message," writes Sophos' Graham Cluley. "If I had wanted to I could have meddled with his calendar appointments too."

"What's disappointing to me ... is that Apple had a clear choice here," Cluley writes. "They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system."